From kanagaraj at aims.com.my Tue Feb 7 07:28:00 2006
From: kanagaraj at aims.com.my (Kanagaraj Krishna)
Date: Tue, 7 Feb 2006 15:28:00 +0800
Subject: BGP info
References: <018c01c62258$87e89170$6b86dfcb@kana>
Message-ID: <01a601c62bb8$06b24100$6b86dfcb@kana>

Hi,
    I'm currently using RANCID to do configuration backups. Has anyone
used it to capture BGP related info on Cisco and Juniper? Basically
"sh ip bgp summary" on Cisco and "sh bgp summary" on Juniper. The
purpose is to monitor BGP session changes with peers. It would be
helpful if any examples are available. Thanks.

Regards,
Kanagaraj Krishna

From afort at choqolat.org Tue Feb 7 09:18:37 2006
From: afort at choqolat.org (Andrew Fort)
Date: Tue, 7 Feb 2006 20:18:37 +1100
Subject: really aweful naming convention I dislike
In-Reply-To: <43C7D490.2000402@grote.name>
References: <20060113072243.GA6431@ytti.fi> <007e01c6184e$53e2b540$fe2010ac@trex> <20060113144506.GA10821@ytti.fi> <43C7D490.2000402@grote.name>
Message-ID:

On 14/01/2006, at 3:25 AM, Justin Grote wrote:

> Indeed. The closest way I could think to coming up with a unified
> description for would be an XML DTD, but again, that's hard to
> develop a schema that could include every possible device
> description, and I'm not that smart :)

does NETCONF help? (http://www.ops.ietf.org/netconf/)

one of netconf's aims is to allow vendor 'uniqueness' to be
expressed. it's more about standardising the data exchange protocol
rather than the configuration language itself, so it doesn't solve
the exact problem you're talking about. The idea is to remove the
messiness of expect-driven CLI sessions, which is a pretty good
start. I'm sure i got part of that wrong, though :-).

for those with a bit of spare time and a cisco account, hassle your
account team to let you try the "Enhanced Device Interface" (their
netconf shell).
-andrew

From afort at choqolat.org Tue Feb 7 09:29:06 2006
From: afort at choqolat.org (Andrew Fort)
Date: Tue, 7 Feb 2006 20:29:06 +1100
Subject: BGP info
In-Reply-To: <01a601c62bb8$06b24100$6b86dfcb@kana>
References: <018c01c62258$87e89170$6b86dfcb@kana> <01a601c62bb8$06b24100$6b86dfcb@kana>
Message-ID: <64F5F68D-4AFD-4777-9B9F-D562A5415FFE@choqolat.org>

On 07/02/2006, at 6:28 PM, Kanagaraj Krishna wrote:

> Hi,
>     I'm currently using RANCID to do configuration backups. Has
> anyone used it to capture BGP related info on Cisco and Juniper?
> Basically "sh ip bgp summary" on Cisco and "sh bgp summary" on
> Juniper. The purpose is to monitor BGP session changes with peers.
> It would be helpful if any examples are available. Thanks.
>
> Regards,
> Kanagaraj Krishna
>

the trick is to filter out information which changes each time
(version numbers, routes received numbers (you probably don't want
these?)).

have a look at the article from this list called "IGP routing tables
diff" by David LaPorte from 10 October 2005. the code in that post
will probably assist in the changes you need to add the commands and
parse the output.

-andrew

From tex at off.org Tue Feb 7 10:00:46 2006
From: tex at off.org (Austin Schutz)
Date: Tue, 7 Feb 2006 02:00:46 -0800
Subject: really aweful naming convention I dislike
In-Reply-To:
References: <20060113072243.GA6431@ytti.fi> <007e01c6184e$53e2b540$fe2010ac@trex> <20060113144506.GA10821@ytti.fi> <43C7D490.2000402@grote.name>
Message-ID: <20060207100046.GN8967@gblx.net>

On Tue, Feb 07, 2006 at 08:18:37PM +1100, Andrew Fort wrote:
>
> On 14/01/2006, at 3:25 AM, Justin Grote wrote:
>
> >Indeed. The closest way I could think to coming up with a unified
> >description for would be an XML DTD, but again, that's hard to
> >develop a schema that could include every possible device
> >description, and I'm not that smart :)
>
> does NETCONF help? (http://www.ops.ietf.org/netconf/)
>
> one of netconf's aims is to allow vendor 'uniqueness' to be
> expressed. it's more about standardising the data exchange protocol
> rather than the configuration language itself, so it doesn't solve
> the exact problem you're talking about. The idea is to remove the
> messiness of expect-driven CLI sessions, which is a pretty good
> start. I'm sure i got part of that wrong, though :-).
>
> for those with a bit of spare time and a cisco account, hassle your
> account team to let you try the "Enhanced Device Interface" (their
> netconf shell).
>

Once upon a time they were working on delivering config information
via snmp and XML. I found the concept quite laughable, considering the
already questionable nature of their snmp stack (Does the phrase "OID
not increasing in value" ring a bell with anyone?).

Back before the days of massive layoff we had written a rancid->xml
converter, the idea was to eventually go the other direction as well
instead of just using templates. Now we just have auditing scripts of
ever increasing complexity examining the configs on a regular basis
and skip the xml stage. It works well enough that we've never bothered
going back.

I would recommend just trying to get the vendors to stamp out existing
bugs. *shrug* As SLAs prevent us from rotating out code with minor
bugs, often we're stuck dealing with buggy ssh servers and the like
for months at a time...

Austin

From simon at limmat.switch.ch Tue Feb 7 12:35:10 2006
From: simon at limmat.switch.ch (Simon Leinen)
Date: Tue, 07 Feb 2006 13:35:10 +0100
Subject: really aweful naming convention I dislike
In-Reply-To: (Andrew Fort's message of "Tue, 7 Feb 2006 20:18:37 +1100")
References: <20060113072243.GA6431@ytti.fi> <007e01c6184e$53e2b540$fe2010ac@trex> <20060113144506.GA10821@ytti.fi> <43C7D490.2000402@grote.name>
Message-ID:

Andrew Fort writes:
> On 14/01/2006, at 3:25 AM, Justin Grote wrote:
>> Indeed. The closest way I could think to coming up with a unified
>> description for would be an XML DTD, but again, that's hard to
>> develop a schema that could include every possible device
>> description, and I'm not that smart :)

> does NETCONF help? (http://www.ops.ietf.org/netconf/)

> one of netconf's aims is to allow vendor 'uniqueness' to be
> expressed. it's more about standardising the data exchange protocol
> rather than the configuration language itself, so it doesn't solve
> the exact problem you're talking about. The idea is to remove the
> messiness of expect-driven CLI sessions, which is a pretty good
> start. I'm sure i got part of that wrong, though :-).

You described the approach of NETCONF quite well.

So far the IETF NETCONF WG has defined a protocol for exchanging
XML-based pieces of configuration with network devices, as well as
three alternative mappings to lower layers (a mandatory-to-implement
one over SSH and two optional ones over SOAP and BEEP). With a bit of
luck those four documents will be published as RFCs over the next few
months. That is mostly the "get rid of expect" stage (although RANCID
already shields you quite nicely from this).

As you are putting this so nicely, NETCONF "allows vendor uniqueness"
by lacking any standard "data model" for the XML-based configuration
pieces themselves. The hope is that, as people gain experience with
XML-based configuration of different vendors' products, we will
eventually know enough to standardize at least common rules for
building these XML-based configuration data models. I don't think we
will be able to define a single Standard Configuration Data Model for
all routers (let alone "every possible device" :-), because router
vendors like to differentiate themselves by improving their
configuration syntaxes.

The NETCONF WG is at an interesting point in time, with the core
protocol work getting finished (and encouraging signs of people
already implementing it).
We have recently updated the charter to include specific goals for the
addition of support of asynchronous notifications to NETCONF. If you
want to contribute, please consider joining the WG mailing list
(follow URL mentioned above).
--
Simon.
NETCONF WG co-chair

From justin at grote.name Tue Feb 7 17:10:52 2006
From: justin at grote.name (Justin Grote)
Date: Tue, 07 Feb 2006 10:10:52 -0700
Subject: Rancid SVN support available in 2.3.2a3
Message-ID: <43E8D49C.8090705@grote.name>

Greetings,

This has been true for a while but I still get enough emails about my
old patch to clarify.

As of 2.3.2a3 (and possibly earlier) subversion support has been added
to the mainline rancid releases. Just get 2.3.2a3, install it, and in
rancid.conf, change the RCSYS variable from cvs to svn. Everything
else should work just the same, only it'll save to a subversion
backend rather than cvs (which has *many* advantages).

and now for an uber-disclaimer:

***THIS WILL NOT AUTOMAGICALLY CONVERT A CVS RANCID REPOSITORY TO
SUBVERSION. You must first convert an existing cvs repository using a
tool like cvs2svn before using it with rancid subversion. TRYING TO
USE AN EXISTING CVS REPOSITORY DIRECTLY WITH SUBVERSION TURNED ON WILL
LIKELY HOSE YOUR CVS REPOSITORY. You have been warned.***

--
Justin Grote
Network Architect
JWG Networks

From srau at rauhaus.org Tue Feb 7 17:32:34 2006
From: srau at rauhaus.org (Stafford A. Rau)
Date: Tue, 7 Feb 2006 09:32:34 -0800
Subject: BGP info
In-Reply-To: <01a601c62bb8$06b24100$6b86dfcb@kana>
References: <018c01c62258$87e89170$6b86dfcb@kana> <01a601c62bb8$06b24100$6b86dfcb@kana>
Message-ID: <20060207173234.GA28214@rauhaus.org>

* Kanagaraj Krishna [060206 23:28]:
> Hi,
>     I'm currently using RANCID to do configuration backups. As anyone
> used it to capture BGP related info on Cisco and Juniper?
> Basically "sh ip bgp summary" on Cisco and "sh bgp summary" on
> Juniper. The purpose is to monitor BGP session changes with peers.
> It would be helpful if any examples are available. Thanks.

I use the clogin (jlogin for $J devices) program from RANCID in a lot
of quick little perl scripts. I find it a better solution than using
Net::Telnet::Cisco, as that library doesn't support ssh while clogin
does.

Something like so:

foreach my $router (@bgp_speakers) {
    open CLOGIN, "/usr/local/rancid2/bin/clogin -c \"show ip bgp sum\" $router|"
        or die "Can't open CLOGIN: $!";
    while (<CLOGIN>) {
        ...etc...

--Stafford

From browan at houston.rr.com Fri Feb 17 08:05:49 2006
From: browan at houston.rr.com (Bill Rowan)
Date: Fri, 17 Feb 2006 08:05:49 +0000 (UTC)
Subject: Problems getting config when not enable mode
References: <3F0C287A.1070609@hcs.net> <20030709164639.GZ10819@shrubbery.net> <3F0C4D2F.6060601@hcs.net> <20030709172406.GA20112@shrubbery.net>
Message-ID:

john heasley shrubbery.net> writes:

>
> Wed, Jul 09, 2003 at 01:13:19PM -0400, Fred Jordan:
> > John,
> > Thanks for the reply. We do have creative AAA statements that
> > do allow us to type "show config" and we can see the
> > startup-config file. Really this is where I am headed. At the
> > privilege level we log in , which is less than 15; we can do almost
> > all of the show commands. With that, I was hoping we would be able to
> > either get the default clogin to work by creating the proper entry in the
> > .cloginrc file for these hosts;
>
> This is something we're aiming to do (more configurable), but it will be
> after 2.3 which I hope to push out next week sometime.
>
> > OR would I need to hack a xlogin
> > and/or xrancid to get this to work. From your email, sounds like
> > I will have to have a modified xlogin and/or xrancid and I don't know
> > if I need the first, the second or both.
>
> xlogin/xrancid are not for the cisco.
>
>

I ran into this problem too with the current release of RANCID.
Here is a very simple hack that seemed to fix it all for me:

Line 1550 in rancid change from :

system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n";

to

system "clogin -t $timeo -c \"$cisco_cmds\" $host /\#/g' > $host.raw 2>&1" || die "clogin failed for $host: $!\n";

Also line 1553 needs to change from :

open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host /\#/g' |") || die "clogin failed for $host: $!\n";

That should be a nice quick hack for you. Basically, it just changes
the prompt from "$HOSTNAME>" to "$HOSTNAME#", so that RANCID behaves
accordingly.

2.5 years after the request is better than never. ;-)

From SMartin at sourceinterlink.com Thu Feb 23 21:03:29 2006
From: SMartin at sourceinterlink.com (Seth Martin)
Date: Thu, 23 Feb 2006 16:03:29 -0500
Subject: Doesnt Timeout?
Message-ID: <447355EA6ECC6B46A441FC2C2E00E50601DA28AA@yukon.sourceinterlink.com>

I've Installed RANCID on a fresh install of Debian. It runs just fine,
I setup a spare cisco 2600 router and I am able to log the config,
changes to the router get reported just fine. However if the device
goes down (I turn it off) and do a rancid-run it just hangs, and hangs,
and after about 15 minutes I kill the process. I am using the TCL and
expect packages from the rancid ftp server. Any idea why this would
happen? Is it maybe because I have only 1 device? When the device is
down the clogin does timeout.

Thanks,
Seth

From heas at shrubbery.net Thu Feb 23 21:35:16 2006
From: heas at shrubbery.net (john heasley)
Date: Thu, 23 Feb 2006 13:35:16 -0800
Subject: Doesnt Timeout?
In-Reply-To: <447355EA6ECC6B46A441FC2C2E00E50601DA28AA@yukon.sourceinterlink.com>
References: <447355EA6ECC6B46A441FC2C2E00E50601DA28AA@yukon.sourceinterlink.com>
Message-ID: <20060223213516.GL7063@shrubbery.net>

Thu, Feb 23, 2006 at 04:03:29PM -0500, Seth Martin:
> I've Installed RANCID on a fresh install of Debian. It runs just fine,
> I setup a spare cisco 2600 router and I am able to log the config,
> changes to the router get reported just fine. However if the device
> goes down (I turn it off) and do a rancid-run it just hangs, and hangs,
> and after about 15 minutes I kill the process. I am using the TCL and
> expect packages from the rancid ftp server. Any idea why this would
> happen? Is it maybe because I have only 1 device? When the device is
> down the clogin does timeout.

That is odd. The connection should timeout (telnet or ssh) or expect
should timeout waiting for either of them. Please send a transcript of
an interactive login attempt ("clogin device") while it is off or
disconnected. eg:

% jlogin jnx
jnx
spawn telnet jnx
Trying 198.58.5.26...
telnet: Unable to connect to remote host: No route to host

Error: Couldn't login

From SMartin at sourceinterlink.com Thu Feb 23 21:44:46 2006
From: SMartin at sourceinterlink.com (Seth Martin)
Date: Thu, 23 Feb 2006 16:44:46 -0500
Subject: Doesnt Timeout?
Message-ID: <447355EA6ECC6B46A441FC2C2E00E50601DA290E@yukon.sourceinterlink.com>

debian:~$ bin/clogin 192.168.15.145
192.168.15.145
spawn telnet 192.168.15.145
Trying 192.168.15.145...

Error: TIMEOUT reached
debian:~$

That actually works which is fine, but now if I do a:

debian:~$ bin/rancid-run

it just hangs and never returns me to the prompt, I've let this run for
up to 15 minutes (I timed it and gave up after 15) if I check the
processes while its hanging I can see the following:

debian:~$ ps -ux
Warning: bad syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
rancid 20000 0.0 0.4 2988 1636 pts/0 S 16:38 0:00 sh
rancid 20018 0.0 0.3 2708 1296 pts/0 S+ 16:40 0:00 /bin/sh bin/rancid-run
rancid 20019 0.0 0.3 2708 1296 pts/0 S+ 16:40 0:00 /bin/sh bin/rancid-run
rancid 20023 0.0 0.3 2728 1316 pts/0 S+ 16:40 0:00 /bin/sh /usr/local/rancid//bin/control_rancid networking
rancid 20066 0.2 0.4 2972 1580 pts/2 S 16:41 0:00 sh
rancid 20071 1.0 0.4 3848 1848 pts/0 S+ 16:41 0:00 /usr/bin/perl /usr/local/rancid//bin/par -q -n 5 -c rancid-fe \{} /usr/local/rancid//var/netwo
rancid 20072 1.0 0.3 2688 1196 pts/0 S+ 16:41 0:00 sh -c (rancid-fe \192.168.15.145:cisco)
rancid 20073 3.0 0.6 4776 2680 pts/0 S+ 16:41 0:00 /usr/bin/perl /usr/local/rancid//bin/rancid 192.168.15.145
rancid 20074 0.5 0.3 2716 1244 pts/0 S+ 16:41 0:00 sh -c clogin -t 90 -c "admin show version;show version;show redundancy secondary;show idprom b
rancid 20075 0.5 0.4 2988 1672 pts/0 S+ 16:41 0:00 /usr/local/bin/expect -- /usr/local/rancid//bin/clogin -t 90 -c admin show version;show versio
rancid 20076 0.5 0.3 3460 1328 pts/1 Ss+ 16:41 0:00 telnet 192.168.15.145
rancid 20079 0.0 0.2 2480 860 pts/2 R+ 16:41 0:00 ps -ux
debian:~$

Is there anyway to see a more verbose output so I can see where its
stuff?

Seth Martin
-Desk: 239-949-4450 x6705

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Thursday, February 23, 2006 4:35 PM
To: Seth Martin
Cc: rancid-discuss at shrubbery.net
Subject: Re: Doesnt Timeout?

Thu, Feb 23, 2006 at 04:03:29PM -0500, Seth Martin:
> I've Installed RANCID on a fresh install of Debian. It runs just fine,
> I setup a spare cisco 2600 router and I am able to log the config,
> changes to the router get reported just fine. However if the device
> goes down (I turn it off) and do a rancid-run it just hangs, and hangs,
> and after about 15 minutes I kill the process. I am using the TCL and
> expect packages from the rancid ftp server. Any idea why this would
> happen? Is it maybe because I have only 1 device? When the device is
> down the clogin does timeout.

That is odd. The connection should timeout (telnet or ssh) or expect
should timeout waiting for either of them. Please send a transcript of
an interactive login attempt ("clogin device") while it is off or
disconnected. eg:

% jlogin jnx
jnx
spawn telnet jnx
Trying 198.58.5.26...
telnet: Unable to connect to remote host: No route to host

Error: Couldn't login

From SMartin at sourceinterlink.com Thu Feb 23 21:52:34 2006
From: SMartin at sourceinterlink.com (Seth Martin)
Date: Thu, 23 Feb 2006 16:52:34 -0500
Subject: Doesnt Timeout?
Message-ID: <447355EA6ECC6B46A441FC2C2E00E50601DA2921@yukon.sourceinterlink.com>

I think I found my problem

This was commented out:

MAX_ROUNDS=2; export MAX_ROUNDS

I set it to 2 rounds and now it fails after 3 minutes (180 seconds, 2
time out sessions)

If this is commented out (as is in the default config example) how many
times will it retry? In the howto I also found it didn't make any
reference to this either.

Seth Martin
-Desk: 239-949-4450 x6705

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Thursday, February 23, 2006 4:35 PM
To: Seth Martin
Cc: rancid-discuss at shrubbery.net
Subject: Re: Doesnt Timeout?

Thu, Feb 23, 2006 at 04:03:29PM -0500, Seth Martin:
> I've Installed RANCID on a fresh install of Debian. It runs just fine,
> I setup a spare cisco 2600 router and I am able to log the config,
> changes to the router get reported just fine. However if the device
> goes down (I turn it off) and do a rancid-run it just hangs, and hangs,
> and after about 15 minutes I kill the process. I am using the TCL and
> expect packages from the rancid ftp server. Any idea why this would
> happen? Is it maybe because I have only 1 device? When the device is
> down the clogin does timeout.

That is odd.
The connection should timeout (telnet or ssh) or expect
should timeout waiting for either of them. Please send a transcript of
an interactive login attempt ("clogin device") while it is off or
disconnected. eg:

% jlogin jnx
jnx
spawn telnet jnx
Trying 198.58.5.26...
telnet: Unable to connect to remote host: No route to host

Error: Couldn't login

From asp at partan.com Thu Feb 23 21:57:30 2006
From: asp at partan.com (Andrew Partan)
Date: Thu, 23 Feb 2006 16:57:30 -0500
Subject: Doesnt Timeout?
In-Reply-To: <447355EA6ECC6B46A441FC2C2E00E50601DA2921@yukon.sourceinterlink.com>
References: <447355EA6ECC6B46A441FC2C2E00E50601DA2921@yukon.sourceinterlink.com>
Message-ID: <20060223215730.GA70493@partan.com>

On Thu, Feb 23, 2006 at 04:52:34PM -0500, Seth Martin wrote:
> If this is commented out (as is in the default config example) how many
> times will it retry? In the howto I also found it didn't make any
> reference to this either.

The default is 4 rounds.
You should see this happening in your log file.

--asp

From heas at shrubbery.net Thu Feb 23 22:14:23 2006
From: heas at shrubbery.net (john heasley)
Date: Thu, 23 Feb 2006 14:14:23 -0800
Subject: Doesnt Timeout?
In-Reply-To: <20060223215730.GA70493@partan.com>
References: <447355EA6ECC6B46A441FC2C2E00E50601DA2921@yukon.sourceinterlink.com> <20060223215730.GA70493@partan.com>
Message-ID: <20060223221423.GW7063@shrubbery.net>

Thu, Feb 23, 2006 at 04:57:30PM -0500, Andrew Partan:
> On Thu, Feb 23, 2006 at 04:52:34PM -0500, Seth Martin wrote:
> > If this is commented out (as is in the default config example) how many
> > times will it retry? In the howto I also found it didn't make any
> > reference to this either.
>
> The default is 4 rounds.
> You should see this happening in your log file.
man rancid.conf

From kanagaraj at aims.com.my Fri Feb 24 05:13:07 2006
From: kanagaraj at aims.com.my (Kanagaraj Krishna)
Date: Fri, 24 Feb 2006 13:13:07 +0800
Subject: RANCID login info
References: <018c01c62258$87e89170$6b86dfcb@kana>
Message-ID: <011101c63900$ffe0bea0$6b86dfcb@kana>

Hi,
    I'm currently having RANCID for my config management and have it to
run every 6 hours. I have a few questions:

- I realise that RANCID keeps only the latest/last config for each
device after running differ. It would pose a problem, if i want to do
configuration fallback to a few days back. Is there a way to keep
backups of the full config, each time the differ runs.

- How can I upload the config straight to a device (minus other output
info like sh version, sh vlan etc, which is also in the backup file)?

Regards,
Kana

From shekhar at mercantile.com.np Fri Feb 24 05:34:35 2006
From: shekhar at mercantile.com.np (Shekhar Basnet)
Date: Fri, 24 Feb 2006 11:19:35 +0545
Subject: RANCID login info
In-Reply-To: <011101c63900$ffe0bea0$6b86dfcb@kana>
References: <018c01c62258$87e89170$6b86dfcb@kana> <011101c63900$ffe0bea0$6b86dfcb@kana>
Message-ID: <1140759275.2344.1158.camel@chulu.mos.com.np>

Hi,

I am running ViewCVS (http://viewcvs.sourceforge.net/) on the server
where RANCID is running so that all the old configs are always
available on a click.

HTH
Shekhar.

On Fri, 2006-02-24 at 10:58, Kanagaraj Krishna wrote:
> Hi,
>     I'm currently having RANCID for my config management and have it
> to run every 6 hours. I have a few questions:
>
> - I realise that RANCID keeps only the latest/last config for each
> device after running differ. It would pose a problem, if i want to do
> configuration fallback to a few days back. Is there a way to keep
> backups of the full config, each time the differ runs.
>
> - How can I upload the config straight to a device (minus other output
> info like sh version, sh vlan etc, which is also in the backup file)?
>
> Regards,
> Kana

From heas at shrubbery.net Fri Feb 24 06:32:04 2006
From: heas at shrubbery.net (john heasley)
Date: Thu, 23 Feb 2006 22:32:04 -0800
Subject: RANCID login info
In-Reply-To: <011101c63900$ffe0bea0$6b86dfcb@kana>
References: <018c01c62258$87e89170$6b86dfcb@kana> <011101c63900$ffe0bea0$6b86dfcb@kana>
Message-ID: <20060224063204.GM29180@shrubbery.net>

Fri, Feb 24, 2006 at 01:13:07PM +0800, Kanagaraj Krishna:
> Hi,
> I'm currently having RANCID for my config management and have it to run every 6 hours. I have a few questions:
>
> - I realise that RANCID keeps only the latest/last config for each device after running differ. It would pose a problem, if i want to do configuration fallback to a few days back. Is there a way to keep backups of the full config, each time the differ runs.

It essentially keeps every collection. Please see cvs's -r option and
the CVS tutorial mentioned in the FAQ.

> - How can I upload the config straight to a device (minus other output info like sh version, sh vlan etc, which is also in the backup file)?

non-config lines are commented, so you do not need to remove them, the
device should ignore them. or, just pipe it through sed;
sed -e '/^!/d'.

From cmoody at qualcomm.com Sat Feb 25 01:47:37 2006
From: cmoody at qualcomm.com (Chris Moody)
Date: Fri, 24 Feb 2006 17:47:37 -0800
Subject: Cisco TACACS - PASSCODE
Message-ID: <43FFB739.2060609@qualcomm.com>

I have added an auth method for TACACS enable on Cisco routers/switches.
This handles "PASSCODE:" prompts.

This may have been implemented/addressed elsewhere, but the latest
version of rancid I pulled down and installed did not have this
capability.

Cheers,
-Chris

ex>
cp clogin.patch_PASSCODE $rancid_bin_dir
cd $rancid_bin_dir
patch clogin

References: <43FFB739.2060609@qualcomm.com>
Message-ID: <20060225061912.GB11073@panix.com>

On Fri, Feb 24, 2006 at 05:47:37PM -0800, Chris Moody wrote:
> I have added an auth method for TACACS enable on Cisco routers/switches.
> This handles "PASSCODE:" prompts.
>
> This may have been implemented/addressed elsewhere, but the latest
> version of rancid I pulled down and installed did not have this capability.
...
> send "enable\r" > expect { > -re "$u_prompt" { send "$enauser\r"; exp_continue} > -re "$e_prompt" { send "$enapasswd\r"; exp_continue} > + -re "$t_prompt" { send "$enapasswd\r"; exp_continue}
...
> + ##### > + # 02.23.06 - adding PASSCODE method > + set t_prompt [find enableprompt $router] > + if { "$t_prompt" == "" } { > + set t_prompt "\PASSCODE:" > + } else { > + set t_prompt [join [lindex $t_prompt 0] ""] > + } > + #####

Since $e_prompt is a regular expression, why not forget about
the patch and instead do something like this in cloginrc:

    add enableprompt {\[Pp]assword:|PASSCODE:}

Also, ISTR that you can control the TACACS enable prompt from the
TACACS server - so depending on which server you're running, it might
be possible to change the enable prompt back to the usual.

From tex at off.org Sun Feb 26 00:15:45 2006
From: tex at off.org (Austin Schutz)
Date: Sat, 25 Feb 2006 16:15:45 -0800
Subject: Cisco TACACS - PASSCODE
In-Reply-To: <20060225061912.GB11073@panix.com>
References: <43FFB739.2060609@qualcomm.com> <20060225061912.GB11073@panix.com>
Message-ID: <20060226001545.GA22514@gblx.net>

>
> Since $e_prompt is a regular expression, why not forget about
> the patch and instead do something like this in cloginrc:
>
>     add enableprompt {\[Pp]assword:|PASSCODE:}
>

If this is a common setting (seems like I've seen this before) it's
probably worthwhile to add the patch even if it can be done w/ the
enableprompt setting.

Austin
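
Review bot: the added -re "$t_prompt" branch in the enable expect block sends "$enapasswd\r", exactly what the "$e_prompt" branch above it sends, so the two differ only in the pattern. Since both patterns are regular expressions, one branch whose default pattern also matches PASSCODE: would cover this without a second variable. If the separate branch stays, it needs a line in the cloginrc documentation saying which setting controls it.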
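
Review bot: set t_prompt [find enableprompt $router] reads the enableprompt key, the same cloginrc setting the follow-up in this thread uses for the enable prompt regex, so on any host where enableprompt is set t_prompt takes that value and the PASSCODE default is never used. Give the new prompt its own key, or drop the lookup and keep only the default. In the default itself, "\PASSCODE:" has a backslash before P that Tcl discards inside double quotes; write "PASSCODE:".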
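
Added example, not code from any poster in this archive and not part of RANCID: for the "BGP info" thread, one way to follow the advice to filter out the fields that change on every run is to reduce Cisco "show ip bgp summary" output to neighbor, AS and session state before comparing two collections. The sample output and all function names are constructed for illustration; Juniper output is not handled.

```python
import ipaddress

# Constructed samples in the Cisco "show ip bgp summary" layout
# (documentation prefixes and private-use AS numbers).
SNAPSHOT_OLD = """\
BGP router identifier 192.0.2.1, local AS number 64500
BGP table version is 1234567, main routing table version 1234567

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.10      4 64501  123456  123400  1234567    0    0 3w2d         171234
192.0.2.20      4 64502    5021    5010  1234567    0    0 01:12:45         12
198.51.100.7    4 64503       0       0        0    0    0 never    Active
"""

SNAPSHOT_NEW = """\
BGP router identifier 192.0.2.1, local AS number 64500
BGP table version is 1240001, main routing table version 1240001

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.10      4 64501  123816  123760  1240001    0    0 3w2d         171240
192.0.2.20      4 64502    5030    5022        0    0    0 00:04:10 Idle (Admin)
198.51.100.7    4 64503      18      16  1240001    0    0 00:07:31          5
203.0.113.9     4 64504       0       0        0    0    0 never    Idle
"""


def _addr_key(ip):
    """Sort key that orders addresses numerically, IPv4 before IPv6."""
    addr = ipaddress.ip_address(ip)
    return (addr.version, int(addr))


def parse_summary(text):
    """Return {neighbor: (remote_as, state)} from the neighbor table only.

    Table version, message counters, queue depths, Up/Down timers and
    prefix counts are dropped because they differ on every collection.
    """
    peers = {}
    in_table = False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Neighbor":
            in_table = True
            continue
        if not in_table or len(fields) < 10:
            continue  # banner text, or a row wrapped onto a second line
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # trailing prompt or other non-neighbor text
        state = " ".join(fields[9:])  # e.g. "Active" or "Idle (Admin)"
        if state.isdigit():
            state = "Established"  # a prefix count means the session is up
        peers[fields[0]] = (fields[2], state)
    return peers


def stable_lines(text):
    """One line per peer, suitable for storing under revision control."""
    peers = parse_summary(text)
    return [f"{ip} AS{peers[ip][0]} {peers[ip][1]}"
            for ip in sorted(peers, key=_addr_key)]


def session_changes(old_text, new_text):
    """Describe peers that appeared, disappeared or changed AS/state."""
    old, new = parse_summary(old_text), parse_summary(new_text)
    changes = []
    for ip in sorted(set(old) | set(new), key=_addr_key):
        before, after = old.get(ip), new.get(ip)
        if before == after:
            continue
        if before is None:
            changes.append(f"+ {ip} AS{after[0]} {after[1]} (new peer)")
        elif after is None:
            changes.append(f"- {ip} AS{before[0]} {before[1]} (peer removed)")
        else:
            changes.append(f"! {ip} AS{before[0]} {before[1]} "
                           f"-> AS{after[0]} {after[1]}")
    return changes


if __name__ == "__main__":
    print("\n".join(session_changes(SNAPSHOT_OLD, SNAPSHOT_NEW)))
```
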